The Certificate of Cloud Security Knowledge (CCSK) by the Cloud Security Alliance (CSA) is the first certificate that focuses on cloud computing security. It is currently the most prestigious cloud certificate available. The certificate demonstrates that the IT professional has the conceptual knowledge and implementation skills to deploy a cloud solution with a security risk based approach.
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing. The CCSK is strongly supported by a broad coalition of experts and organizations from around the world. The collaboration between CSA and ENISA means that the world’s two leading organizations for vendor-neutral cloud security research are providing the foundation for the industry’s first cloud security certification.
To study for the exam you need to have a comprehensive knowledge of the CSA v2.1 Guidance document and the ENISA whitepaper. Both papers can be downloaded from the Cloud Security Alliance website.
- Gain competency in the 13 domain topics of the CSA Guidance For Critical Areas of Focus in Cloud Computing V2.1
- Show understanding of ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
- Be aware of applied knowledge as it relates to: classifying cloud providers into S-P-I model, redundancy, securing popular cloud services, vulnerability assessment considerations, and practical encryption use cases.
The exam is an online test that costs $295.00. It involves the 13 domains in the CSA Guidance document, the ENISA whitepaper, and applied knowledge. It is a timed exam, you have 60 minutes to answer 50 questions and you need an 80% to pass the exam (40 out of 50 questions correct). In 2011, the pass rate was reported to be around 53 percent. As stated by Jim Reavis, Executive Director and Co-founder of the Cloud Security Alliance, “we wanted to make this test moderately difficult, but as it has turned out, the exam is harder than we expected.” From personal experience, it is a very hard exam so make certain you have a deep understanding of the security principles involved in cloud computing before you attempt the exam. There are just over 1,000 CCSK professionals.
The topics covered in the CCSK Exam:
- Applied
- Domain 1 - Architecture
- Domain 2 - Governance and ERM
- Domain 3 - Legal and eDiscovery
- Domain 4 - Compliance and Audit
- Domain 5 - Information Lifecycle Management
- Domain 6 - Portability and Interoperability
- Domain 7 - Traditional Security
- Domain 8 - Data Center Operations
- Domain 9 - Incident Response
- Domain 10 - Application Security
- Domain 11 - Encryption and Key Mgt
- Domain 12 - Iddenty and Access Mgt
- Domain 13 - Virtualization
- ENISA
The CCSK is for a wide range of IT professionals. Since the CCSK covers a broad array of topics such as architecture, governance, legal, compliance and audit, and information management and data security, it gives a holistic viewpoint of security related issues in the adoption of cloud services. In general, the CCSK would be beneficial for Security Architects, Cloud Brokers, Service Providers, Infrastructure Architects, and IT leaders.